  1. James Server
  2. JAMES-3636

IMAP plainAuthDisallowed should be true by default

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 3.6.0
    • 3.7.0
    • IMAPServer
    • None

    Description

      Encouraging non-encrypted login is definitely a bad practice and could lead to session fixation (where the attacker logs in first, then the victim does not realize their login fails).

      We should make the safe 'plainAuthDisallowed' option the default everywhere.

          People

            Unassigned Unassigned
            btellier Benoit Tellier
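As an added example (not code from this issue or from the James project), the following check reports, for each enabled IMAP listener in an `imapserver.xml`, whether `plainAuthDisallowed` is explicitly `true`, explicitly not `true`, or absent and therefore dependent on the version's default. It assumes each `<imapserver>` element carries `<bind>` and `<plainAuthDisallowed>` children; the function name `audit_imapservers` and the sample configuration are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of a James imapserver.xml; values are illustrative.
SAMPLE = """\
<imapservers>
  <imapserver enabled="true">
    <bind>0.0.0.0:143</bind>
    <tls socketTLS="false" startTLS="true"/>
    <plainAuthDisallowed>false</plainAuthDisallowed>
  </imapserver>
  <imapserver enabled="true">
    <bind>0.0.0.0:993</bind>
    <tls socketTLS="true" startTLS="false"/>
  </imapserver>
  <imapserver enabled="true">
    <bind>0.0.0.0:1143</bind>
    <tls socketTLS="false" startTLS="true"/>
    <plainAuthDisallowed>true</plainAuthDisallowed>
  </imapserver>
</imapservers>
"""

def audit_imapservers(xml_text):
    """Return one (bind, verdict) pair per enabled <imapserver> element (hypothetical helper)."""
    findings = []
    for server in ET.fromstring(xml_text).iter("imapserver"):
        if server.get("enabled", "true").strip().lower() != "true":
            continue  # disabled listeners accept no logins
        bind = (server.findtext("bind") or "unknown").strip()
        value = server.findtext("plainAuthDisallowed")
        if value is None:
            # Option absent: behaviour depends on the default of the installed version.
            verdict = "implicit"
        elif value.strip().lower() == "true":
            verdict = "ok"
        else:
            verdict = "plain-auth-allowed"
        findings.append((bind, verdict))
    return findings

if __name__ == "__main__":
    for bind, verdict in audit_imapservers(SAMPLE):
        print(f"{bind}: {verdict}")
```

Listeners reported as `implicit` are the ones whose behaviour changes when the default changes, so setting the option explicitly removes the dependence on the installed version.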